Mar 24th, 2006, 06:57 AM
Startup servlet problem with autentication
I wrote startup servlet that do some things when jboss server start, but I have problem because I have to use some of the methods for which acegi check permissions. I have in log this mesage "A valid SecureContext was not provided in the RequestContext". As those methods in this case are called by system not by user how can I bypass that security checking.
One one mine idea was to make a new user like "System" and to log with it but I don't know how from code to tell acegi that mine startup servlet is that user.
Finaly I made a methods with same functioanality as methods defined in applicationContext for method invocation autorization but with other name.
<ref bean="authenticationManager" />
<ref local="businessAccessDecisionManager" />
<ref local="afterInvocationManager" />
<!-- ContentManagerAp -->
Mar 24th, 2006, 07:01 AM
Have a look at Acegi's RunAsManager. I haven't used it myself, so I cannot give you an example, but have a look at the reference for further information.
Mar 24th, 2006, 07:27 AM
I have looked that but that is interface that I don't know how to implement.
Mar 24th, 2006, 07:45 AM
You don't have to. Have a look at org.acegisecurity.runas.RunAsManagerImpl. There is also a brief description on usage in the API documentation.
And here a link to the according section in the reference manual.
Last edited by Andreas Senft; Mar 24th, 2006 at 07:48 AM.
Apr 14th, 2006, 05:48 AM
You just need to set SecurityContextHolder up appropriately whenever your code starts to run. If everything is coordinated from a particular bean, you could just do it within the bean itself, a bit like our anonymous authentication services work.